<link rel="stylesheet" type="text/css" href="../css/alert.css">
<meta charset="UTF-8">
<?php
include_once("../functions/db_manipulate.php");

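// Only an initialised (logged-in) session may change profile data.
// NOTE(review): the <link>/<meta> markup before the opening PHP tag is already
// sent to the client at this point; if redirect() relies on header(), output
// buffering has to be enabled for it to work — confirm.
if (!init()) {
  redirect("?action=login");
  // redirect() is defined elsewhere. Stop explicitly so the UPDATE further
  // down can never run for a request that failed init(), even if redirect()
  // returns to the caller instead of terminating the script.
  exit;
}

// Plain-text password generated on a rename; stays empty when none is issued.
$fakePass = "";
connectDB();

startTransaction();
$resultSet = null;

// The Referer header is optional and fully client-controlled. Its derived value
// is appended to the redirect target at the end of this script.
// NOTE(review): confirm getEncodedActionFromUrlWithParameters() only ever
// returns an encoded, site-local action (no CR/LF, no foreign host).
$initiatorAction = \controller\ControllerUtil::getEncodedActionFromUrlWithParameters(
  isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''
);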

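// Update the profile of the logged-in user and, when the nick changes, issue a
// new password and mail it to the submitted address.
//
// NOTE(review): "oldnick" and "oldmail" come from the form, so the client
// decides what counts as "changed"; comparing against the stored row would be
// more robust. This request also resets a credential and mails it to a posted
// address, and no anti-CSRF token check is visible in this file — confirm that
// init() or the front controller enforces one.

// Read every expected form field once. Missing or non-string values (for
// example an array submitted as nick[]) are treated as an empty string.
$formFields = array(
  'nick', 'oldnick', 'email', 'oldmail', 'firstname', 'lastname',
  'icq', 'skype', 'mobile', 'address', 'methods', 'birth'
);
$submitted = array();
foreach ($formFields as $fieldName) {
  $submitted[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
    ? $_POST[$fieldName]
    : '';
}

// Strict comparison: with == two different numeric-looking strings such as
// "1e3" and "1000" compare equal, which would silently skip a rename.
$nickChanged = $submitted['nick'] !== $submitted['oldnick'];
$emailChanged = $submitted['email'] !== $submitted['oldmail'];

// Without a session id there is no row to update; $resultSet then keeps its
// earlier value and the failure path below rolls back.
if (isset($_SESSION['id'])) {
  $assignments = array();

  if ($nickChanged) {
    // The nick is an input to encryptString(), so presumably the stored value
    // depends on it and a rename needs a fresh password — TODO confirm.
    $fakePass = generatePassword(8);
    $pass = encryptString($submitted['nick'], $fakePass);
    $assignments[] = "nick='" . mysql_real_escape_string($submitted['nick']) . "'";
    // Escaped as well: the output format of encryptString() is not visible here.
    $assignments[] = "password='" . mysql_real_escape_string($pass) . "'";
  }

  // The e-mail column is left alone only when the nick changed and the e-mail
  // did not; in every other case it is written.
  if ($emailChanged || !$nickChanged) {
    $assignments[] = "email='" . mysql_real_escape_string($submitted['email']) . "'";
  }

  $plainColumns = array(
    'firstname', 'lastname', 'icq', 'skype', 'mobile', 'address', 'methods', 'birth'
  );
  foreach ($plainColumns as $column) {
    $assignments[] = $column . "='" . mysql_real_escape_string($submitted[$column]) . "'";
  }

  // Every interpolated value, including the session id, is escaped.
  // NOTE(review): the mysql_* extension is removed in PHP 7; prepared
  // statements (PDO/mysqli) are the long-term fix.
  $resultSet = mysql_query(
    "UPDATE users SET " . implode(", ", $assignments)
    . " WHERE id = '" . mysql_real_escape_string($_SESSION['id']) . "'"
  );
}

if ($resultSet) {
  commitTransaction();
  if ($nickChanged) {
    // CR/LF is stripped so the recipient value cannot add mail headers.
    // NOTE(review): the address is not validated before the commit, and the
    // password travels in clear text; an invalid address locks the user out.
    $to = str_replace(array("\r", "\n"), '', $submitted['email']);
    $subject = "Иноформация пользователя  была изменена";
    // Values placed into the HTML body are escaped for the HTML context.
    $message = "<html>
<head>
  <title>Внимание !</title>
</head>
<body>
  <p>Ваш новый пароль (Вы можете его изменить в настройках пользователя): </p>
  <table>
    <tr>
      <td>Логин:</td><td> " . htmlspecialchars($submitted['nick'], ENT_QUOTES, 'UTF-8') . "</td>
    </tr>
    <tr>
      <td>Пароль:</td><td>" . htmlspecialchars($fakePass, ENT_QUOTES, 'UTF-8') . "</td>
    </tr>
  </table>
</body>
</html>";
    $headers = "From: administration@theflynet.com" . "\r\n";
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
    // The password is already committed; at least record a failed hand-over
    // to the mailer (the password itself is never logged).
    if (!mail($to, "=?utf-8?B?" . base64_encode($subject) . "?=", $message, $headers)) {
      error_log('Profile update: new-password e-mail was not accepted for delivery');
    }
  }
  redirect("?action=msg&header=header.user.data.change.success&body=body.user.data.change.success&view=" . $initiatorAction);
} else {
  // Any query failure is reported with the "user exists" message.
  rollbackTransaction();
  redirect("?action=msg&header=header.registration.user.exists&body=body.registration.user.exists&view=" . $initiatorAction);
}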